[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 25 21:12:51 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4454ba20 by security tracker role at 2024-09-25T20:12:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2024-9169 (The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-8996 (Unquoted Search Path or Element vulnerability in Grafana Agent (Flow m ...)
+	TODO: check
+CVE-2024-8975 (Unquoted Search Path or Element vulnerability in Grafana Alloy on Wind ...)
+	TODO: check
+CVE-2024-8858 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-8546 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-8316 (In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), ...)
+	TODO: check
+CVE-2024-7679 (In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3. ...)
+	TODO: check
+CVE-2024-7576 (In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), ...)
+	TODO: check
+CVE-2024-7575 (In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), ...)
+	TODO: check
+CVE-2024-7481 (Improper verification of cryptographic signature during installation o ...)
+	TODO: check
+CVE-2024-7479 (Improper verification of cryptographic signature during installation o ...)
+	TODO: check
+CVE-2024-7421 (An information exposure in Devolutions Remote Desktop Manager 2024.2.2 ...)
+	TODO: check
+CVE-2024-6594 (Improper Handling of Exceptional Conditions vulnerability in the Watch ...)
+	TODO: check
+CVE-2024-6593 (Incorrect Authorization vulnerability in WatchGuard Authentication Gat ...)
+	TODO: check
+CVE-2024-6592 (Incorrect Authorization vulnerability in the protocol communication be ...)
+	TODO: check
+CVE-2024-6512 (Authorization bypass in thePAM access request approval mechanism in De ...)
+	TODO: check
+CVE-2024-4657 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-47315 (Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue a ...)
+	TODO: check
+CVE-2024-47305 (Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any ...)
+	TODO: check
+CVE-2024-47082 (Strawberry GraphQL is a library for creating GraphQL APIs. Prior to ve ...)
+	TODO: check
+CVE-2024-47078 (Meshtastic is an open source, off-grid, decentralized, mesh network. M ...)
+	TODO: check
+CVE-2024-46655 (A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.3 ...)
+	TODO: check
+CVE-2024-46600 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forge ...)
+	TODO: check
+CVE-2024-46489 (A remote command execution (RCE) vulnerability in promptr v6.0.7 allow ...)
+	TODO: check
+CVE-2024-46488 (sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via ...)
+	TODO: check
+CVE-2024-46485 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forge ...)
+	TODO: check
+CVE-2024-46461 (VLC media player 3.0.20 and earlier is vulnerable to denial of service ...)
+	TODO: check
+CVE-2024-45750 (An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and olde ...)
+	TODO: check
+CVE-2024-45613 (CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0. ...)
+	TODO: check
+CVE-2024-44825 (Directory Traversal vulnerability in Centro de Tecnologia da Informaco ...)
+	TODO: check
+CVE-2024-44678 (Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injec ...)
+	TODO: check
+CVE-2024-43990 (Insertion of Sensitive Information into Log File vulnerability in Styl ...)
+	TODO: check
+CVE-2024-43959 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43237 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-41708 (An issue was discovered in AdaCore ada_web_services 20.0 allows an att ...)
+	TODO: check
+CVE-2024-41445 (Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer overrea ...)
+	TODO: check
+CVE-2024-30128 (HCL Nomad server on Domino is affected by an open proxy vulnerability  ...)
+	TODO: check
+CVE-2024-22893 (OpenSlides 4.0.15 verifies passwords by comparing password hashes usin ...)
+	TODO: check
+CVE-2024-22892 (OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm  ...)
+	TODO: check
+CVE-2024-20510 (A vulnerability in the Central Web Authentication (CWA) feature of Cis ...)
+	TODO: check
+CVE-2024-20508 (A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion  ...)
+	TODO: check
+CVE-2024-20496 (A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdg ...)
+	TODO: check
+CVE-2024-20480 (A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software  ...)
+	TODO: check
+CVE-2024-20475 (A vulnerability in the web-based management interface of Cisco Catalys ...)
+	TODO: check
+CVE-2024-20467 (A vulnerability in the implementation of the IPv4 fragmentation reasse ...)
+	TODO: check
+CVE-2024-20465 (A vulnerability in the access control list (ACL) programming of Cisco  ...)
+	TODO: check
+CVE-2024-20464 (A vulnerability in the Protocol Independent Multicast (PIM) feature of ...)
+	TODO: check
+CVE-2024-20455 (A vulnerability in the process that classifies traffic that is going t ...)
+	TODO: check
+CVE-2024-20437 (A vulnerability in the web-based management interface of Cisco IOS XE  ...)
+	TODO: check
+CVE-2024-20436 (A vulnerability in the HTTP Server feature of Cisco IOS XE Software wh ...)
+	TODO: check
+CVE-2024-20434 (A vulnerability in Cisco IOS XE Software could allow an unauthenticate ...)
+	TODO: check
+CVE-2024-20433 (A vulnerability in the Resource Reservation Protocol (RSVP) feature of ...)
+	TODO: check
+CVE-2024-20414 (A vulnerability in the web UI feature of Cisco IOS Software and Cisco  ...)
+	TODO: check
+CVE-2024-20350 (A vulnerability in the SSH server of Cisco Catalyst Center, formerly C ...)
+	TODO: check
+CVE-2023-51157 (Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a ...)
+	TODO: check
 CVE-2024-9073 (The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9069 (The Graphicsly \u2013 The ultimate graphics plugin for WordPress websi ...)
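Review bot: all 55 entries added in this hunk land with the `TODO: check` placeholder, and most of them describe product families that the surrounding context already tags as `NOT-FOR-US` (WordPress plugins, Cisco IOS XE / SD-WAN / Catalyst, Telerik UI, WatchGuard, Devolutions), so those can be closed in bulk on the next triage pass. The entries that name software a distribution could plausibly carry, such as `CVE-2024-46461` (VLC media player 3.0.20 and earlier, denial of service), `CVE-2024-46488` (sqlite-vec heap buffer overflow), `CVE-2024-47082` (Strawberry GraphQL), `CVE-2024-45613` (CKEditor 5) and `CVE-2024-41445` (mdflib heap-based over-read), are the ones that deserve a real check against the archive rather than a reflexive `NOT-FOR-US`. Also note `CVE-2024-46489` (promptr remote command execution) and `CVE-2024-44678` (Gigastone router command injection) for the same reason: they are the memory-safety and command-injection items in the batch and should not sit as TODO longer than necessary.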
@@ -152,7 +262,7 @@ CVE-2024-42505 (Command injection vulnerabilities in the underlying CLI service
 	NOT-FOR-US: HPE
 CVE-2024-38324 (IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd C ...)
 	NOT-FOR-US: IBM
-CVE-2024-45817 [x86: Deadlock in vlapic_error()]
+CVE-2024-45817 (In x86's APIC (Advanced Programmable Interrupt Controller) architectur ...)
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-462.html
@@ -1694,7 +1804,7 @@ CVE-2024-8766 (Local privilege escalation due to DLL hijacking vulnerability. Th
 	NOT-FOR-US: Acronis Cyber Protect Cloud Agent (Windows)
 CVE-2024-8752 (The Windows version of WebIQ 2.15.9 is affected by a directory travers ...)
 	NOT-FOR-US: WebIQ
-CVE-2024-8661 (Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.18 are vulnerable t ...)
+CVE-2024-8661 (Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable t ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2024-7104 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: SFS Consulting ww.Winsure
@@ -2640,7 +2750,7 @@ CVE-2024-20398 (A vulnerability in the CLI of Cisco IOS XR Software could allow
 	NOT-FOR-US: Cisco
 CVE-2024-20390 (A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Sof ...)
 	NOT-FOR-US: Cisco
-CVE-2024-20381 (A vulnerability in the JSON-RPC API feature in ConfD that is used by t ...)
+CVE-2024-20381 (A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network ...)
 	NOT-FOR-US: Cisco
 CVE-2024-20343 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
 	NOT-FOR-US: Cisco
@@ -8794,7 +8904,7 @@ CVE-2024-7793 (A vulnerability was found in SourceCodester Task Progress Tracker
 	NOT-FOR-US: SourceCodester Task Progress Tracker
 CVE-2024-7628 (The MStore API \u2013 Create Native Android & iOS Apps On The Cloud pl ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-7625 (In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.16.13, 1.7. ...)
+CVE-2024-7625 (In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.1 ...)
 	- nomad <removed>
 CVE-2024-7624 (The Zephyr Project Manager plugin for WordPress is vulnerable to limit ...)
 	NOT-FOR-US: WordPress plugin
@@ -48240,11 +48350,11 @@ CVE-2024-2201 [Native Branch History Injection]
 	NOTE: https://vusec.net/projects/native-bhi
 	NOTE: https://download.vusec.net/papers/inspectre_sec24.pdf
 	NOTE: https://xenbits.xen.org/xsa/advisory-456.html
-CVE-2024-31146
+CVE-2024-31146 (When multiple devices share resources and one of them is to be passed  ...)
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-461.html
-CVE-2024-31145
+CVE-2024-31145 (Certain PCI devices in a system might be assigned Reserved Memory Regi ...)
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-460.html
@@ -126839,8 +126949,8 @@ CVE-2017-20176 (A vulnerability classified as problematic was found in ciubotaru
 	NOT-FOR-US: share-on-diaspora
 CVE-2017-20175 (A vulnerability classified as problematic has been found in DaSchTour  ...)
 	NOT-FOR-US: Mamoto extension for MediaWiki
-CVE-2023-25189
-	RESERVED
+CVE-2023-25189 (BTS is affected by information disclosure vulnerability where mobile n ...)
+	TODO: check
 CVE-2023-25188 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...)
 	NOT-FOR-US: NOKIA
 CVE-2023-25187 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...)
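Review bot: `CVE-2023-25189` moves from `RESERVED` to `TODO: check` now that the description has been published, but its neighbours `CVE-2023-25188` and `CVE-2023-25187` are both tagged `NOT-FOR-US: NOKIA` for NOKIA Airscale Single RAN devices, and the new description ("BTS is affected by information disclosure vulnerability where mobile n ...") reads like the same base-station advisory batch. Worth confirming against the full description and then marking it `NOT-FOR-US: NOKIA` in line with the adjacent entries instead of leaving the TODO open.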



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4454ba20e11219ff2cbf79bc4b7a1e7e944d7bb4


